General
-
Target
6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c
-
Size
486KB
-
Sample
240620-ylcrjsvdrg
-
MD5
c2b8ef494b3fe7ea3f21d3bb97d80bfb
-
SHA1
774669fca4a453214c0907decc57b8a079165de5
-
SHA256
6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c
-
SHA512
9a3ac6289b5fc9bbf8e91d133beac11f4e95416343c4920a9e0549bbf7526ee968a5f211d9dbf9e2809d369b6527848cb31da43a4b48cdbbef9ee3bf78250f33
-
SSDEEP
6144:xWLAovSawIJWgiFEXmbxrM6y7gFFOKS9ssavei6OsUtvRMDEjoTI:kMmSawIJWgsEUyzDKVvP6lkGD
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c
-
Size
486KB
-
MD5
c2b8ef494b3fe7ea3f21d3bb97d80bfb
-
SHA1
774669fca4a453214c0907decc57b8a079165de5
-
SHA256
6eb118ec56eb43af883cc2029f5c0578b681d6cb47871cbadb290a5f5b0eb35c
-
SHA512
9a3ac6289b5fc9bbf8e91d133beac11f4e95416343c4920a9e0549bbf7526ee968a5f211d9dbf9e2809d369b6527848cb31da43a4b48cdbbef9ee3bf78250f33
-
SSDEEP
6144:xWLAovSawIJWgiFEXmbxrM6y7gFFOKS9ssavei6OsUtvRMDEjoTI:kMmSawIJWgsEUyzDKVvP6lkGD
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-